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DETAILED ACTION 
Response to Arguments 

Applicant's arguments filed 12/05/06 have been fully considered but they are not persuasive. 
Applicant states that: 

(a) Lewis fails to assign "a role signature, assignable to a plurality of users," on the basis 
of a "performed security check." 

(b) The access code of Lewis is not "assignable to a plurality of users." 

(c) The access code of Lewis is not assigned "on the basis of a performed security 

check." 

(d) The access code of Lewis is generated based on a verification of the user's identity, 
but not assigned "on the basis of a security check." 

With respect to (a), (b), and (c), see Lewis col. 4, lines 13-25. Lewis teaches that once 
authorization has been established, the user's identification value may be converted into one or 
more access codes that may be used to provide access. Lewis teaches that these access codes 
may be used to access group accounts. This allows for the possibility of more than one user 
having access to the same account. Thus examiner concludes that since more than one user 
may be assigned to a single account, the access code pertaining to that account is assignable to 
a plurality of users. Further, examiner interprets authorization to be analogous to a "performed 
security check". 

With respect to (d), examiner interprets generation of an access code based on 
verification of a user's identity is analogous to assigning on the basis of a security check. 
Therefore, the rejections of the claims are deemed to be proper. 



CLAIMS PRESENTED 

Claims 1-36 are presented. 
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CLAIM REJECTIONS 

Claim Rejectio ns - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in 
public use or on sale in this country, more than one year prior to the date of application for patent in 
the United States. 

Claims 1-36 are rejected under 35 U.S.C. 102(b) as being anticipated by Lewis 

(US Patent No. 6,213,391). 

As per claims 1, 9, 16, and 29, Lewis teaches: 

A method for signing access operations to electronic data, comprising: 
performing a security check in order to ascertain the identity of a user; 

assigning a user signature [authorized profile], identifying the user, on the basis of the performed 
security check without being viewable by the user; 

assigning a role signature [access code], assignable to a plurality of users, on the basis of the 
performed security check without being viewable by the user; and 

permitting an access operation to electronic data by specifying the user signature and the role 
signature. 

[see col. 7, lines 40-42] "Housed within enclosure 1 is the verifying means 2 which 
determines whether the person using the card is an authorized user of the card. " 

[see col. 7, lines 43-45] "input 12 receives analog identification information which is 
converted by verifying means 2 into a digital representation of the potential user's 
identification profile." 

[see col. 7, lines 50-52] "Once received by input 12, analyzing means 2 converts the 
analog signal to a digital voice pattern identification profile." 

[see col. 7-8, lines 66-67, 1-2] "the invention anticipates the use of some unique biometric 
characteristic of the potential user (e.g. voice print, fingerprint, DNA, palm print or other 
such unique biometric characteristic)." 

[see col. 8, lines 10-18] "verifying means 2 obtains any authorized profiles associated 
with the account from the built in storage medium 6, and then compares the stored profile 
to the potential user's spontaneously created profile. If the spontaneous profile 
calculated by verifying means 2 matches, or is within an acceptable discrepancy value 
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range of any of the authorized profile stored in the built in storage medium 6, then the 
verifying means 2 generates a "Positive ID" signal on signal line 3. " 



[see col. 8, lines 42-45] "code generator 5 uses an algorithm obtained from memory chip 
7 to convert user's unique identification profile into an access code associated with the 
secure objective." 

[see col. 8-9, lines 66-67, 1-3] "Once the user's unique identification profile has been 
transformed into an appropriate access code by code generator 5, the access code is 
output to output port 1 1 where it may be received by a secure objective to determine 
whether access is granted." 

As per claims 2, 10, and 30, Lewis teaches: 

The method as claimed in claim 1 , wherein the security check involves biometric data from the 
user being ascertained. 

[see rejection of claim 1] 
As per claims 3, 11, 17, 23, and 31, Lewis teaches: 

The method as claimed in claim 1, wherein the security check involves reading at least one of an 
electronic and mechanical key. 

[see col. 9, lines 38-42] "Remote control unit 13 allows the identification device to be 
used in a variety of ways from a remote location (for example, as a key pass, or a user 
specific car alarm remote control key, or even highly interactive functions such as remote 
control use at an A TM machine). " 

As per claims 4, 12, 18, 19, 24, 25, and 32, Lewis teaches: 

The method as claimed in claim 1 , wherein the user signature to be assigned is ascertainable on 
the basis of the data ascertained in the security check, by checking a user signature memory. 

[see col. 8, lines 10-13] "verifying means 2 obtains any authorized profiles associated with 
the account from the built in storage medium 6, and then compares the stored profile to 
the potential user's spontaneously created profile." 

As per claims 5, 13, 20, 21, 26, 27, and 33, Lewis teaches: 

The method as claimed in claim 1 , wherein the role signature to be assigned is ascertainable on 
the basis of the data ascertained in the security check, by checking a role signature memory. 

[see col. 10, lines 27-29] "Programmable memory unit 26 provides the code generator 23 
with code generating algorithms which it utilizes to calculate the account specific access 
codes." 

As per claims 6, 14, 22, 28, 34, and 35, Lewis teaches: 

The method as claimed in claim 4, wherein the user signature memory is checked using a data 
telecommunication link. 
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[see col. 5, lines 64-47] "the system of the present invention, as disclosed herein, may 
include a means for generating unique access codes for use in identifying a user via 
telephone or computer modem. " 

As per claim 7, Lewis teaches: 

The method as claimed in claim 1 , wherein one user is assignable a plurality of role signatures 
simultaneously. 

[see col. 4, lines 13-17] "Once authorization has been established, the digital 
representation of the identification value may be converted into one or more access 
codes which may be used to provide access to a particular one of any number of secure 
accounts or databases, restricted areas, or other secure objectives." 

As per claims 8, 15, and 36, Lewis teaches: 

The method as claimed in claim 1 , wherein the data are medically relevant, wherein the users are 
medical specialist personnel, and wherein the roles are formed in line with the workgroups within 
the medical specialist personnel. 

[see col. 5 lines 12-21] "As a healthcare services card the present invention may provide 
a quick and efficient means for positive identification and access to medical history. In 
emergency situations such information must be quickly obtained in order to provide safe 
and adequate diagnosis and treatment. Because many emergency patients arrive at the 
emergency room unconscious, the disclosed invention is particularly suited to allow ER 
physicians and nurses rapid access to important medical information that they would not 
otherwise be able obtain from the patient herself." 



CONCLUSION 

The following patents and publications are cited to further show the state of the art with 
respect to signing data access control. 

US PGP No. 20010009026 to Terao, which is cited to show authentication user's access 
rights to resources. 

US PGP No. 20010021926 to Schneck, which is cited to show controlling access and 
distribution of digital property. 

US PGP No. 20010052541 to Kang, which is cited to show electronic signature based on 
fingerprint recognition: 

US PGP No. 20020049907 to Woods, which is cited to show permission based data 
exchange. 

US PGP No. 20020095605 to Royer, which is cited to show managing user access to 
network compatible applications. 

US PGP No. 20020097142 to Janiak, which is cited to show biometric authentication for 
use with token fingerprint data storage. 
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US PGP No. 20020129248 to Wheeler, which is cited to show account-based digital 
signature system. 



US PGP No. 20020150241 to Scheidt, which is cited to show electronically signing a 
document. 

US PGP No. 20020152400 to Zhang, which is cited to show granting indefinite use of 
software options resident on a device. 

US PGP No. 20020162005 to Ueda, which is cited to show access right setting device 
and manager terminal. 

US PGP No. 20020162030 to Brezak, which is cited to show controlling access to 
resources based on authentication. 

US PGP No. 20020174344 to Ting, which is cited to show authentication using 
biometrics. 

US Patent No. 5325294 to Keene, which is cited to show a medical privacy system. 

US Patent No. 5661805 to Miyauchi, which is cited to show signature verification capable 
of obtaining information required for a document recipient. 

US Patent No. 5953419 to Lohstroh, which is cited to show cryptographic file labeling for 
supporting secured access by multiple users. 

US Patent No. 65231 16, to Berman, which is cited to show secure personal information 
card database system. 



POINTS OF CONTACT 

*. Any response to this Office Action should be faxed to (571) 273-8300 or mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulaney Street 
Alexandria, VA 22314 

*. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner 
can normally be reached on Monday - Thursday, 8:00 a.m. - 5:00 p.m., EST. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone number for the 

organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Priva te PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For more 
information about the PAIR system, see http://pair-direct.uspto.gov. Should you have 
questions on access to the Private PAIR system, contact the Electronic Business Center 
(EBC) at 866-217-9197 (toll-free). 





Daniel L. Hoang 
3/05/07 



